pfSense-pkg-snort 3.2.9.1_6 -- more Bootstrap bug fixes and binary update to 2.9.8.0

security/pfSense-pkg-snort/files/usr/local/pkg/snort/snort.inc

@@ -34,7 +34,7 @@
 require_once("pfsense-utils.inc");
 require_once("config.inc");
 require_once("functions.inc");
-require_once("service-utils.inc");
+require_once("service-utils.inc"); // Need this to get RCFILEPREFIX definition
 require_once("pkg-utils.inc");
 require_once("filter.inc");
 require("/usr/local/pkg/snort/snort_defs.inc");
@@ -3685,11 +3685,11 @@ function snort_remove_dead_rules() {
 	$cats = array();
 
 	// If there is no "deprecated_rules" file, then exit
-	if (!file_exists("{$rulesdir}deprecated_rules"))
+	if (!file_exists("/usr/local/pkg/snort/deprecated_rules"))
 		return;
 
 	// Open a SplFileObject to read in deprecated rules
-	$file = new SplFileObject("{$rulesdir}/deprecated_rules");
+	$file = new SplFileObject("/usr/local/pkg/snort/deprecated_rules");
 	$file->setFlags(SplFileObject::READ_AHEAD | SplFileObject::SKIP_EMPTY | SplFileObject::DROP_NEW_LINE);
 	while (!$file->eof()) {
 		$line = $file->fgets();

security/pfSense-pkg-snort/files/usr/local/pkg/snort/snort_defs.inc

@@ -5,7 +5,7 @@
  * Copyright (C) 2006 Scott Ullrich
  * Copyright (C) 2009-2010 Robert Zelaya
  * Copyright (C) 2011-2012 Ermal Luci
- * Copyright (C) 2013-2015 Bill Meeks
+ * Copyright (C) 2013-2016 Bill Meeks
  * part of pfSense
  * All rights reserved.
  *
@@ -50,7 +50,7 @@ if (!defined("SNORT_BIN_VERSION")) {
 	if (!empty($snortver))
 		define("SNORT_BIN_VERSION", $snortver);
 	else
-		define("SNORT_BIN_VERSION", "2.9.7.6");
+		define("SNORT_BIN_VERSION", "2.9.8.0");
 }
 if (!defined("SNORT_SID_MODS_PATH"))
 	define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/");

security/pfSense-pkg-snort/files/usr/local/pkg/snort/snort_post_install.php

@@ -5,7 +5,7 @@
  * Copyright (C) 2006 Scott Ullrich
  * Copyright (C) 2009-2010 Robert Zelaya
  * Copyright (C) 2011-2012 Ermal Luci
- * Copyright (C) 2013-2014 Bill Meeks
+ * Copyright (C) 2013-2016 Bill Meeks
  * part of pfSense
  * All rights reserved.
  *
@@ -40,6 +40,7 @@
 
 require_once("config.inc");
 require_once("functions.inc");
+require_once("service-utils.inc"); // Need this to get RCFILEPREFIX constant
 require_once("/usr/local/pkg/snort/snort.inc");
 require("/usr/local/pkg/snort/snort_defs.inc");
 
@@ -67,6 +68,9 @@
 	unlink_if_exists("{$g['varrun_path']}/barnyard2_*.pid");
 }
 
+// Remove any LCK files for Snort that might have been left behind
+unlink_if_exists("{$g['varrun_path']}/snort_pkg_starting.lck");
+
 /* Set flag for post-install in progress */
 $g['snort_postinstall'] = true;
 
@@ -85,9 +89,6 @@
 @rename("{$snortdir}/gen-msg.map-sample", "{$snortdir}/gen-msg.map");
 //@rename("{$snortdir}/attribute_table.dtd-sample", "{$snortdir}/attribute_table.dtd");
 
-/* Move deprecated_rules file to SNORTDIR/rules directory */
-@rename("/usr/local/pkg/snort/deprecated_rules", "{$snortdir}/rules/deprecated_rules");
-
 /* fix up the preprocessor rules filenames from a PBI package install */
 $preproc_rules = array("decoder.rules", "preprocessor.rules", "sensitive-data.rules");
 foreach ($preproc_rules as $file) {
@@ -108,7 +109,7 @@
 
 /* If installed, absorb the Snort Dashboard Widget into this package */
 /* by removing it as a separately installed package.                 */
-$pkgid = get_pkg_id("Dashboard Widget: Snort");
+$pkgid = get_package_id("Dashboard Widget: Snort");
 if ($pkgid >= 0) {
 	log_error(gettext("[Snort] Removing legacy 'Dashboard Widget: Snort' package because the widget is now part of the Snort package."));
 	unset($config['installedpackages']['package'][$pkgid]);
@@ -141,8 +142,8 @@
 
 /* remake saved settings */
 if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
-	log_error(gettext("[Snort] Saved settings detected... rebuilding installation with saved settings..."));
-	update_status(gettext("Saved settings detected..."));
+	log_error(gettext("[Snort] Saved settings detected... rebuilding installation with saved settings."));
+	update_status(gettext("Saved settings detected.") . "\n");
 
 	/****************************************************************/
 	/* Do test and fix for duplicate UUIDs if this install was      */
@@ -180,16 +181,12 @@
 	/****************************************************************/
 
 	/* Do one-time settings migration for new multi-engine configurations */
-	$static_output .= gettext("\nMigrating settings to new configuration...");
-	update_output_window($static_output);
+	update_status(gettext("Migrating settings to new configuration..."));
 	include('/usr/local/pkg/snort/snort_migrate_config.php');
-	$static_output .= gettext(" done.\n");
-	update_output_window($static_output);
-	log_error(gettext("[Snort] Downloading and updating configured rule sets..."));
-	if ($pkg_interface <> "console")
-		$snort_gui_include = true;
+	update_status(gettext(" done.") . "\n");
+	log_error(gettext("[Snort] Downloading and updating configured rule sets."));
 	include('/usr/local/pkg/snort/snort_check_for_rule_updates.php');
-	update_status(gettext("Generating snort.conf configuration file from saved settings..."));
+	update_status(gettext("Generating snort.conf configuration file from saved settings.") . "\n");
 	$rebuild_rules = true;
 	conf_mount_rw();
 
@@ -199,8 +196,7 @@
 		$if_real = get_real_interface($snortcfg['interface']);
 		$snort_uuid = $snortcfg['uuid'];
 		$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
-		$static_output .= gettext("Generating configuration for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "...");
-		update_output_window($static_output);
+		update_status(gettext("Generating configuration for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "..."));
 
 		// Pull in the PHP code that generates the snort.conf file
 		// variables that will be substituted further down below.
@@ -227,16 +223,13 @@
 		if ($snortcfg['barnyard_enable'] == 'on')
 			snort_generate_barnyard2_conf($snortcfg, $if_real);
 
-		$static_output .= gettext(" done.\n");
-		update_output_window($static_output);
+		update_status(gettext(" done.") . "\n");
 	}
 
 	/* create snort bootup file snort.sh */
-	$static_output .= gettext("Generating snort.sh script in {$rcdir}...");
-	update_output_window($static_output);
+	update_status(gettext("Generating snort.sh script in {$rcdir}..."));
 	snort_create_rc();
-	$static_output .= gettext(" done.\n");
-	update_output_window($static_output);
+	update_status(gettext(" done.") . "\n");
 
 	/* Set Log Limit, Block Hosts Time and Rules Update Time */
 	snort_snortloglimit_install_cron(true);
@@ -249,22 +242,8 @@
 		$config['widgets']['sequence'] .= "," . $config['installedpackages']['snortglobal']['dashboard_widget'];
 
 	$rebuild_rules = false;
-	if ($pkg_interface <> "console")
-		update_output_window(gettext("Finished rebuilding Snort configuration files..."));
-	log_error(gettext("[Snort] Finished rebuilding installation from saved settings..."));
-
-	/* Only try to start Snort if not in reboot */
-	if (!($g['booting'])) {
-		if ($pkg_interface <> "console") {
-			update_status(gettext("Starting Snort using rebuilt configuration..."));
-			$static_output .= gettext("Starting Snort as a background task using the rebuilt configuration... ");
-			mwexec_bg("{$rcdir}snort.sh start");
-			update_output_window($static_output);
-		}
-		else
-			mwexec_bg("{$rcdir}snort.sh start");
-	}
-	update_status("");
+	update_status(gettext("Finished rebuilding Snort configuration files.") . "\n");
+	log_error(gettext("[Snort] Finished rebuilding installation from saved settings."));
 }
 
 /* We're finished with conf partition mods, return to read-only */
@@ -276,8 +255,8 @@
 	$config['widgets']['sequence'] .= ",{$snort_widget_container}";
 
 /* Update Snort package version in configuration */
-$config['installedpackages']['snortglobal']['snort_config_ver'] = $config['installedpackages']['package'][get_pkg_id("snort")]['version'];
-write_config("Snort pkg v{$config['installedpackages']['package'][get_pkg_id("snort")]['version']}: post-install configuration saved.");
+$config['installedpackages']['snortglobal']['snort_config_ver'] = $config['installedpackages']['package'][get_package_id("snort")]['version'];
+write_config("Snort pkg v{$config['installedpackages']['package'][get_package_id("snort")]['version']}: post-install configuration saved.");
 
 /* Done with post-install, so clear flag */
 unset($g['snort_postinstall']);

security/pfSense-pkg-snort/files/usr/local/www/snort/snort_blocked.php

@@ -61,7 +61,7 @@
 	else
 		$response = array('resolve_ip' => $ip, 'resolve_text' => gettext("Cannot resolve"));
 
-	echo json_encode(str_replace("\\","\\\\", $response)); // single escape chars can break JSON decode
+	print(json_encode(str_replace("\\","\\\\", $response))); // single escape chars can break JSON decode
 	exit;
 }
 # --- AJAX REVERSE DNS RESOLVE End ---
@@ -148,7 +148,7 @@
 
 /* refresh every 60 secs */
 if ($pconfig['brefresh'] == 'on')
-	echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n";
+	print('<meta http-equiv="refresh" content="60;url=/snort/snort_blocked.php" />\n');
 
 /* Display Alert message */
 if ($input_errors) {
@@ -321,29 +321,29 @@
 					$rdns_link .= "<i class=\"fa fa-search icon-pointer\" onclick=\"javascript:resolve_with_ajax('{$blocked_ip}');\" title=\"";
 					$rdns_link .= gettext("Resolve host via reverse DNS lookup") . "\" alt=\"Icon Reverse Resolve with DNS\"></i>";
 
-					/* use one echo to do the magic*/
-						echo "<tr class=\"text-nowrap\">
+					/* print the table row */
+						print("<tr class=\"text-nowrap\">
 							<td>{$counter}</td>
 							<td style=\"word-wrap:break-word; white-space:normal\">{$tmp_ip}<br/>{$rdns_link}</td>
 							<td style=\"word-wrap:break-word; white-space:normal\">{$blocked_desc}</td>
 							<td><i class=\"fa fa-times icon-pointer text-danger\" onClick=\"$('#ip').val('{$blocked_ip}');$('#mode').val('todelete');$('#formblock').submit();\" 
 							 title=\"" . gettext("Delete host from Blocked Table") . "\"></i></td>
-						</tr>\n";
+						</tr>\n");
 				}
 			}
 			?>
 			</tbody>
 			<tfoot>
 				<tr>
-					<td colspan="4">
+					<td colspan="4" style="text-align:center;" class="alert-info">
 						<?php	if (!empty($blocked_ips_array)) {
 							if ($counter > 1)
-								echo "{$counter}" . gettext(" host IP addresses are currently being blocked.");
+								print($counter . gettext(" host IP addresses are currently being blocked by Snort."));
 							else
-								echo "{$counter}" . gettext(" host IP address is currently being blocked.");
+								print($counter . gettext(" host IP address is currently being blocked Snort."));
 						}
 						else {
-							echo gettext("There are currently no hosts being blocked by Snort.");
+							print(gettext("There are currently no hosts being blocked by Snort."));
 						}
 						?>
 					</td>